<?php 
if ($section != "comments") {
	if ($action == "add") {
		$insertSQL = sprintf("INSERT INTO materials 
			(
			cid, 
			matType, 
			matAuthor,
			matTitle,
			matYear,
			matPublisher,
			matCity,
			matEglobal,
			matISBN,
			matVolume,
			matIssue,
			matPages,
			matURL,
			matURL_type,
			matInfo
			) 
			VALUES 
			(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", 	
				GetSQLValueString($cid, "int"),
				GetSQLValueString($_POST['matType'], "int"),
				GetSQLValueString($_POST['matAuthor'], "text"),
				GetSQLValueString($_POST['matTitle'], "text"),
				GetSQLValueString($_POST['matYear'], "text"),
				GetSQLValueString($_POST['matPublisher'], "text"),
				GetSQLValueString($_POST['matCity'], "text"),
				GetSQLValueString($_POST['matEglobal'], "text"),
				GetSQLValueString($_POST['matISBN'], "text"),
				GetSQLValueString($_POST['matVolume'], "text"),
				GetSQLValueString($_POST['matIssue'], "text"),
				GetSQLValueString($_POST['matPages'], "text"),
				GetSQLValueString($_POST['matURL'], "text"),
				GetSQLValueString($_POST['matURL_type'], "text"),
				GetSQLValueString($_POST['matInfo'], "text")
				);
  						
		mysql_select_db($database, $connection);
  		$result1 = mysql_query($insertSQL, $connection) or die(mysql_error());
		//echo $insertSQL."<br>";
		
		$query_id = sprintf("SELECT id FROM materials WHERE cid='%s' ORDER BY id DESC", $cid);
		$id = mysql_query($query_id, $connection) or die(mysql_error());
		$row_id = mysql_fetch_assoc($id);
		
		$insertGoTo = "../index.php?section=proposal_materials&action=confirm&go=".$go."&cid=".$cid."&id=".$row_id['id']."&modal_window=".$modal_window."&msg=3";
		//if ($section == "admin") $insertGoTo = "../index.php?section=list&msg=2";
		header(sprintf("Location: %s", $insertGoTo));
	}
	
	if ($action == "edit") {
		$updateSQL = sprintf("UPDATE materials
			SET 
			cid=%s, 
			matType=%s, 
			matAuthor=%s,
			matTitle=%s,
			matYear=%s,
			matPublisher=%s,
			matCity=%s,
			matEglobal=%s,
			matISBN=%s,
			matVolume=%s,
			matIssue=%s,
			matPages=%s,
			matURL=%s,
			matURL_type=%s,
			matInfo=%s
			WHERE id=%s", 
				GetSQLValueString($cid, "int"),
				GetSQLValueString($_POST['matType'], "int"),
				GetSQLValueString($_POST['matAuthor'], "text"),
				GetSQLValueString($_POST['matTitle'], "text"),
				GetSQLValueString($_POST['matYear'], "text"),
				GetSQLValueString($_POST['matPublisher'], "text"),
				GetSQLValueString($_POST['matCity'], "text"),
				GetSQLValueString($_POST['matEglobal'], "text"),
				GetSQLValueString($_POST['matISBN'], "text"),
				GetSQLValueString($_POST['matVolume'], "text"),
				GetSQLValueString($_POST['matIssue'], "text"),
				GetSQLValueString($_POST['matPages'], "text"),
				GetSQLValueString($_POST['matURL'], "text"),
				GetSQLValueString($_POST['matURL_type'], "text"),
				GetSQLValueString($_POST['matInfo'], "text"),
				GetSQLValueString($id, "int")
			);
  						
		mysql_select_db($database, $connection);
  		$result1 = mysql_query($updateSQL, $connection) or die(mysql_error());
		// echo $updateSQL;
		
		if ($go == "no") $updateGoTo = "../index.php?section=proposal_materials&action=confirm&cid=".$cid."&id=".$id."&modal_window=".$modal_window."&msg=3";
		elseif ($go == "review") $updateGoTo = "../index.php?section=proposal_materials&cid=".$cid."&modal_window=".$modal_window."&msg=5";
		elseif ($go == "detail") $updateGoTo = "../index.php?section=view_proposal&dbTable=materials&cid=".$cid."&id=".$id."&modal_window=".$modal_window."&msg=2";
		//elseif ($go == "proposal_detail") $updateGoTo = "../index.php?section=view_proposal&cid=".$cid."&msg=2#materials";
		else $updateGoTo = $updateGoTo."&msg=5";
		//if ($section == "admin") $insertGoTo = "../index.php?section=list&msg=2";
		header(sprintf("Location: %s", $updateGoTo));
		}
	}
?>